9.3

CVE-2009-3604

Exploit
The Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x before 3.02pl4, and Poppler 0.x, as used in GPdf and kdegraphics KPDF, does not properly allocate memory, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document that triggers a NULL pointer dereference or a heap-based buffer overflow.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
FoolabsXpdf Version3.02pl1
   GnomeGpdf
   KdeKpdf
FoolabsXpdf Version3.02pl2
   GnomeGpdf
   KdeKpdf
FoolabsXpdf Version3.02pl3
   GnomeGpdf
   KdeKpdf
GlyphandcogXpdfreader Version2.00
   GnomeGpdf
   KdeKpdf
GlyphandcogXpdfreader Version2.01
   GnomeGpdf
   KdeKpdf
GlyphandcogXpdfreader Version2.02
   GnomeGpdf
   KdeKpdf
GlyphandcogXpdfreader Version2.03
   GnomeGpdf
   KdeKpdf
GlyphandcogXpdfreader Version3.00
   GnomeGpdf
   KdeKpdf
GlyphandcogXpdfreader Version3.01
   GnomeGpdf
   KdeKpdf
GlyphandcogXpdfreader Version3.02
   GnomeGpdf
   KdeKpdf
PopplerPoppler Version0.1
   GnomeGpdf
   KdeKpdf
PopplerPoppler Version0.1.1
   GnomeGpdf
   KdeKpdf
PopplerPoppler Version0.1.2
   GnomeGpdf
   KdeKpdf
PopplerPoppler Version0.2.0
   GnomeGpdf
   KdeKpdf
PopplerPoppler Version0.3.0
   GnomeGpdf
   KdeKpdf
PopplerPoppler Version0.3.1
   GnomeGpdf
   KdeKpdf
PopplerPoppler Version0.3.2
   GnomeGpdf
   KdeKpdf
PopplerPoppler Version0.3.3
   GnomeGpdf
   KdeKpdf
PopplerPoppler Version0.4.0
   GnomeGpdf
   KdeKpdf
PopplerPoppler Version0.4.1
   GnomeGpdf
   KdeKpdf
PopplerPoppler Version0.4.2
   GnomeGpdf
   KdeKpdf
PopplerPoppler Version0.4.3
   GnomeGpdf
   KdeKpdf
PopplerPoppler Version0.4.4
   GnomeGpdf
   KdeKpdf
PopplerPoppler Version0.5.0
   GnomeGpdf
   KdeKpdf
PopplerPoppler Version0.5.1
   GnomeGpdf
   KdeKpdf
PopplerPoppler Version0.5.2
   GnomeGpdf
   KdeKpdf
PopplerPoppler Version0.5.3
   GnomeGpdf
   KdeKpdf
PopplerPoppler Version0.5.4
   GnomeGpdf
   KdeKpdf
PopplerPoppler Version0.5.9
   GnomeGpdf
   KdeKpdf
PopplerPoppler Version0.5.90
   GnomeGpdf
   KdeKpdf
PopplerPoppler Version0.5.91
   GnomeGpdf
   KdeKpdf
PopplerPoppler Version0.6.0
   GnomeGpdf
   KdeKpdf
PopplerPoppler Version0.6.1
   GnomeGpdf
   KdeKpdf
PopplerPoppler Version0.6.2
   GnomeGpdf
   KdeKpdf
PopplerPoppler Version0.6.3
   GnomeGpdf
   KdeKpdf
PopplerPoppler Version0.6.4
   GnomeGpdf
   KdeKpdf
PopplerPoppler Version0.7.0
   GnomeGpdf
   KdeKpdf
PopplerPoppler Version0.7.1
   GnomeGpdf
   KdeKpdf
PopplerPoppler Version0.7.2
   GnomeGpdf
   KdeKpdf
PopplerPoppler Version0.7.3
   GnomeGpdf
   KdeKpdf
PopplerPoppler Version0.8.0
   GnomeGpdf
   KdeKpdf
PopplerPoppler Version0.8.1
   GnomeGpdf
   KdeKpdf
PopplerPoppler Version0.8.2
   GnomeGpdf
   KdeKpdf
PopplerPoppler Version0.8.3
   GnomeGpdf
   KdeKpdf
PopplerPoppler Version0.8.4
   GnomeGpdf
   KdeKpdf
PopplerPoppler Version0.8.5
   GnomeGpdf
   KdeKpdf
PopplerPoppler Version0.8.6
   GnomeGpdf
   KdeKpdf
PopplerPoppler Version0.8.7
   GnomeGpdf
   KdeKpdf
PopplerPoppler Version0.9.0
   GnomeGpdf
   KdeKpdf
PopplerPoppler Version0.9.1
   GnomeGpdf
   KdeKpdf
PopplerPoppler Version0.9.2
   GnomeGpdf
   KdeKpdf
PopplerPoppler Version0.9.3
   GnomeGpdf
   KdeKpdf
PopplerPoppler Version0.10.0
   GnomeGpdf
   KdeKpdf
PopplerPoppler Version0.10.1
   GnomeGpdf
   KdeKpdf
PopplerPoppler Version0.10.2
   GnomeGpdf
   KdeKpdf
PopplerPoppler Version0.10.3
   GnomeGpdf
   KdeKpdf
PopplerPoppler Version0.10.4
   GnomeGpdf
   KdeKpdf
PopplerPoppler Version0.10.5
   GnomeGpdf
   KdeKpdf
PopplerPoppler Version0.10.6
   GnomeGpdf
   KdeKpdf
PopplerPoppler Version0.10.7
   GnomeGpdf
   KdeKpdf
PopplerPoppler Version0.11.0
   GnomeGpdf
   KdeKpdf
PopplerPoppler Version0.11.1
   GnomeGpdf
   KdeKpdf
PopplerPoppler Version0.11.2
   GnomeGpdf
   KdeKpdf
PopplerPoppler Version0.11.3
   GnomeGpdf
   KdeKpdf
PopplerPoppler Version0.12.0
   GnomeGpdf
   KdeKpdf
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 8.7% 0.944
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/37114
http://www.ubuntu.com/usn/USN-850-1
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html
http://www.mandriva.com/security/advisories?name=MDVSA-2010:087
http://www.vupen.com/english/advisories/2010/1040
http://www.mandriva.com/security/advisories?name=MDVSA-2011:175
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html
http://secunia.com/advisories/37028
Vendor Advisory
http://secunia.com/advisories/37037
Vendor Advisory
http://secunia.com/advisories/37043
Vendor Advisory
http://secunia.com/advisories/37053
Vendor Advisory
http://secunia.com/advisories/37077
Vendor Advisory
http://secunia.com/advisories/37079
Vendor Advisory
http://secunia.com/advisories/39327
http://secunia.com/advisories/39938
http://www.debian.org/security/2010/dsa-2028
http://www.debian.org/security/2010/dsa-2050
http://www.vupen.com/english/advisories/2009/2928
Patch
Vendor Advisory
http://www.vupen.com/english/advisories/2010/0802
http://www.vupen.com/english/advisories/2010/1220
https://rhn.redhat.com/errata/RHSA-2009-1501.html
https://rhn.redhat.com/errata/RHSA-2009-1502.html
https://rhn.redhat.com/errata/RHSA-2009-1503.html
https://rhn.redhat.com/errata/RHSA-2009-1512.html
http://secunia.com/advisories/37023
Vendor Advisory
https://rhn.redhat.com/errata/RHSA-2009-1500.html
ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch
Patch
http://secunia.com/advisories/37159
http://securitytracker.com/id?1023029
http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1
http://www.mandriva.com/security/advisories?name=MDVSA-2009:287
http://www.securityfocus.com/bid/36703
Patch
Exploit
http://www.ubuntu.com/usn/USN-850-3
http://www.vupen.com/english/advisories/2009/2924
Patch
Vendor Advisory
https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00750.html
https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00784.html
http://cgit.freedesktop.org/poppler/poppler/commit/?id=9cf2325fb2
http://cgit.freedesktop.org/poppler/poppler/diff/?id=284a928996&id2=75c3466ba2
http://secunia.com/advisories/37042
Vendor Advisory
http://site.pi3.com.pl/adv/xpdf.txt
Exploit
https://bugzilla.redhat.com/show_bug.cgi?id=526911
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/53795
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10969